[Japanese] | |
JVNDB-2017-004607 | |
Deep Discovery Email Inspector vulnerable to arbitrary code execution | |
Overview | |
Deep Discovery Email Inspector provided by Trend Micro Incorporated contains an arbitrary code execution vulnerability due to an issue in uploading files. | |
CVSS Severity (What is CVSS?) | |
CVSS V3 Severity:
Base Metrics 9.8 (Critical) [IPA Score]
CVSS V2 Severity:
Base Metrics 10.0 (High) [IPA Score]
| |
Affected Products | |
| |
Trend Micro, Inc. | |
| |
Impact | |
An unauthenticated remote attacker may upload an arbitrary file to the system where the product resides. As a result, arbitrary code may be executed with the root privilege. | |
Solution | |
[Apply the Patch] | |
Vendor Information | |
Trend Micro, Inc. | |
CWE (What is CWE?) | |
| |
CVE (What is CVE?) | |
| |
References | |
| |
Revision History | |
|
Date Public | 2017/04/11 |
Date First Published | 2018/01/31 |
Date Last Updated | 2018/01/31 |